Mobile security technology is the primary area of interest and development right now, and for the foreseeable. Specific areas of mobile security development would include, device firmware, mobile payments, HTML5 apps and the cellular network. ID Theft Protect is approached by a number of global security focussed start-up and mid-start-ups in any given year.

Desktop PC-based malware/viruses are still a major threat but the mobile threat is also very real. ID Theft Protect is working with Windows OS/Phone, Firefox OS, Android, iOS and BlackBerry BB10 platforms on researching current and future threats as well as vulnerabilities. We have also introduced a robust Android application filtering and approval process for developers submitting apps to the Play Store.

One specific area of our research is mobile malware dynamic analysis. Understanding how to dynamically monitor the behaviour of the malware sample isn't too difficult but the difficult area of the analysis is how do to trigger the malware. We are currently investigating solutions to this and many more problems.

The ad networks (and publishers) are vulnerable to having their products and services (I.e. URLs, IP blocks/servers) incorrectly classified as suspicious by AV vendors. It is known that false positives cause serious loss of core business revenue to ad companies. ID Theft Protect works with the ad networks and publishers to help them comply with the AV vendors classifications.

Browser extensions are very useful tools that provide various options for an improved browsing experience. Some extensions however, can be unsafe due to persistent tracking; ability to remote control your PC; trigger Java/Flash; and enabling botnet attacks. This only happens … Continue reading →